Login
[x]
Log in using an account from:
Fedora Account System
Red Hat Associate
Red Hat Customer
Or login using a Red Hat Bugzilla account
Forgot Password
Login:
Hide Forgot
Create an Account
Red Hat Bugzilla – Attachment 304703 Details for
Bug 445043
RHEL 5.1 MRG+MLS: RT tools produce boot AVCs
[?]
New
Simple Search
Advanced Search
My Links
Browse
Requests
Reports
Current State
Search
Tabular reports
Graphical reports
Duplicates
Other Reports
User Changes
Plotly Reports
Bug Status
Bug Severity
Non-Defaults
|
Product Dashboard
Help
Page Help!
Bug Writing Guidelines
What's new
Browser Support Policy
5.0.4.rh83 Release notes
FAQ
Guides index
User guide
Web Services
Contact
Legal
This site requires JavaScript to be enabled to function correctly, please enable it.
Audit log from 137 policy
audit.log (text/plain), 9.28 KB, created by
IBM Bug Proxy
on 2008-05-07 00:00:44 UTC
(
hide
)
Description:
Audit log from 137 policy
Filename:
MIME Type:
Creator:
IBM Bug Proxy
Created:
2008-05-07 00:00:44 UTC
Size:
9.28 KB
patch
obsolete
>type=CRED_DISP msg=audit(1210200548.292:190): user pid=3266 uid=0 auid=500 subj=system_u:system_r:sshd_t:s0-s15:c0.c1023 msg='PAM: setcred acct="ealuser" : exe="/usr/sbin/sshd" (hostname=ea.austin.ibm.com, addr=9.53.40.26, terminal=ssh res=success)' >type=USER_END msg=audit(1210200548.296:191): user pid=3266 uid=0 auid=500 subj=system_u:system_r:sshd_t:s0-s15:c0.c1023 msg='PAM: session close acct="ealuser" : exe="/usr/sbin/sshd" (hostname=ea.austin.ibm.com, addr=9.53.40.26, terminal=ssh res=success)' >type=USER_END msg=audit(1210200548.306:192): user pid=3341 uid=0 auid=500 subj=staff_u:staff_r:newrole_t:s0-s15:c0.c1023 msg='PAM: session close acct="ealuser" : exe="/usr/bin/newrole" (hostname=?, addr=?, terminal=pts/0 res=success)' >type=AVC msg=audit(1210200548.307:193): avc: denied { read } for pid=3306 comm="bash" name=".bash_logout" dev=dm-0 ino=779524 scontext=staff_u:staff_r:staff_t:s0-s15:c0.c1023 tcontext=root:object_r:sysadm_home_t:s0 tclass=file >type=SYSCALL msg=audit(1210200548.307:193): arch=c000003e syscall=2 success=yes exit=3 a0=8c7430 a1=0 a2=42bfc0 a3=0 items=0 ppid=3303 pid=3306 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="bash" exe="/bin/bash" subj=staff_u:staff_r:staff_t:s0-s15:c0.c1023 key=(null) >type=AVC msg=audit(1210200548.457:194): avc: denied { append } for pid=3306 comm="bash" name=".bash_history" dev=dm-0 ino=779822 scontext=staff_u:staff_r:staff_t:s0-s15:c0.c1023 tcontext=root:object_r:sysadm_home_t:s0 tclass=file >type=SYSCALL msg=audit(1210200548.457:194): arch=c000003e syscall=2 success=yes exit=3 a0=8cecc0 a1=401 a2=180 a3=8 items=0 ppid=3303 pid=3306 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="bash" exe="/bin/bash" subj=staff_u:staff_r:staff_t:s0-s15:c0.c1023 key=(null) >type=AVC msg=audit(1210200548.481:195): avc: denied { write } for pid=3306 comm="bash" name=".bash_history" dev=dm-0 ino=779822 scontext=staff_u:staff_r:staff_t:s0-s15:c0.c1023 tcontext=root:object_r:sysadm_home_t:s0 tclass=file >type=SYSCALL msg=audit(1210200548.481:195): arch=c000003e syscall=2 success=yes exit=3 a0=8cecc0 a1=201 a2=180 a3=3 items=0 ppid=3303 pid=3306 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="bash" exe="/bin/bash" subj=staff_u:staff_r:staff_t:s0-s15:c0.c1023 key=(null) >type=CRED_DISP msg=audit(1210200548.484:196): user pid=3303 uid=500 auid=500 subj=staff_u:staff_r:staff_su_t:s0-s15:c0.c1023 msg='PAM: setcred acct="root" : exe="/bin/su" (hostname=?, addr=?, terminal=pts/0 res=success)' >type=USER_END msg=audit(1210200548.484:197): user pid=3303 uid=500 auid=500 subj=staff_u:staff_r:staff_su_t:s0-s15:c0.c1023 msg='PAM: session close acct="root" : exe="/bin/su" (hostname=?, addr=?, terminal=pts/0 res=success)' >type=DAEMON_END msg=audit(1210200549.038:9944): auditd normal halt, sending auid=4294967295 pid=3534 subj=system_u:system_r:initrc_t:s0-s15:c0.c1023 res=success, auditd pid=2702 >type=DAEMON_START msg=audit(1210200854.332:153): auditd start, ver=1.5.5, format=raw, auid=4294967295 pid=2710 res=success, auditd pid=2710 >type=CONFIG_CHANGE msg=audit(1210200854.432:146): audit_enabled=1 old=0 by auid=4294967295 subj=system_u:system_r:auditd_t:s15:c0.c1023 res=1 >type=CONFIG_CHANGE msg=audit(1210200854.432:147): audit_enabled=1 old=0 by auid=4294967295 res=1 >type=AVC msg=audit(1210200855.435:148): avc: denied { sys_nice } for pid=2781 comm="modprobe" capability=23 scontext=system_u:system_r:insmod_t:s0-s15:c0.c1023 tcontext=system_u:system_r:insmod_t:s0-s15:c0.c1023 tclass=capability >type=SYSCALL msg=audit(1210200855.435:148): arch=c000003e syscall=175 success=yes exit=0 a0=6222c0 a1=a3a0 a2=61bd10 a3=61bd10 items=0 ppid=2774 pid=2781 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="modprobe" exe="/sbin/modprobe" subj=system_u:system_r:insmod_t:s0-s15:c0.c1023 key=(null) >type=LABEL_LEVEL_CHANGE msg=audit(1210200859.102:149): user pid=2824 uid=0 auid=4294967295 subj=system_u:system_r:cupsd_t:s15:c0.c1023 msg='[Config] Classification=mls: exe="/usr/sbin/cupsd" (hostname=bracer2.ltc.austin.ibm.com, addr=9.3.192.193, terminal=? res=success)' >type=USER_AUTH msg=audit(1210200924.290:150): user pid=2983 uid=0 auid=4294967295 subj=system_u:system_r:sshd_t:s0-s15:c0.c1023 msg='PAM: authentication acct="ealuser" : exe="/usr/sbin/sshd" (hostname=ea.austin.ibm.com, addr=9.53.40.26, terminal=ssh res=success)' >type=USER_ACCT msg=audit(1210200924.300:151): user pid=2983 uid=0 auid=4294967295 subj=system_u:system_r:sshd_t:s0-s15:c0.c1023 msg='PAM: accounting acct="ealuser" : exe="/usr/sbin/sshd" (hostname=ea.austin.ibm.com, addr=9.53.40.26, terminal=ssh res=success)' >type=CRED_ACQ msg=audit(1210200924.322:152): user pid=2981 uid=0 auid=4294967295 subj=system_u:system_r:sshd_t:s0-s15:c0.c1023 msg='PAM: setcred acct="ealuser" : exe="/usr/sbin/sshd" (hostname=ea.austin.ibm.com, addr=9.53.40.26, terminal=ssh res=success)' >type=LOGIN msg=audit(1210200924.350:153): login pid=2981 uid=0 old auid=4294967295 new auid=500 >type=USER_START msg=audit(1210200924.384:154): user pid=2981 uid=0 auid=500 subj=system_u:system_r:sshd_t:s0-s15:c0.c1023 msg='PAM: session open acct="ealuser" : exe="/usr/sbin/sshd" (hostname=ea.austin.ibm.com, addr=9.53.40.26, terminal=ssh res=success)' >type=CRED_REFR msg=audit(1210200924.386:155): user pid=2989 uid=0 auid=500 subj=system_u:system_r:sshd_t:s0-s15:c0.c1023 msg='PAM: setcred acct="ealuser" : exe="/usr/sbin/sshd" (hostname=ea.austin.ibm.com, addr=9.53.40.26, terminal=ssh res=success)' >type=USER_LOGIN msg=audit(1210200924.409:156): user pid=2981 uid=0 auid=500 subj=system_u:system_r:sshd_t:s0-s15:c0.c1023 msg='uid=500: exe="/usr/sbin/sshd" (hostname=ea.austin.ibm.com, addr=9.53.40.26, terminal=/dev/pts/0 res=success)' >type=USER_AUTH msg=audit(1210200929.362:157): user pid=3018 uid=500 auid=500 subj=staff_u:staff_r:staff_su_t:s0-s15:c0.c1023 msg='PAM: authentication acct="root" : exe="/bin/su" (hostname=?, addr=?, terminal=pts/0 res=success)' >type=USER_ACCT msg=audit(1210200929.366:158): user pid=3018 uid=500 auid=500 subj=staff_u:staff_r:staff_su_t:s0-s15:c0.c1023 msg='PAM: accounting acct="root" : exe="/bin/su" (hostname=?, addr=?, terminal=pts/0 res=success)' >type=USER_START msg=audit(1210200929.368:159): user pid=3018 uid=500 auid=500 subj=staff_u:staff_r:staff_su_t:s0-s15:c0.c1023 msg='PAM: session open acct="root" : exe="/bin/su" (hostname=?, addr=?, terminal=pts/0 res=success)' >type=CRED_ACQ msg=audit(1210200929.368:160): user pid=3018 uid=500 auid=500 subj=staff_u:staff_r:staff_su_t:s0-s15:c0.c1023 msg='PAM: setcred acct="root" : exe="/bin/su" (hostname=?, addr=?, terminal=pts/0 res=success)' >type=USER_AUTH msg=audit(1210200940.540:161): user pid=3054 uid=0 auid=500 subj=staff_u:staff_r:newrole_t:s0-s15:c0.c1023 msg='PAM: authentication acct="ealuser" : exe="/usr/bin/newrole" (hostname=?, addr=?, terminal=pts/0 res=success)' >type=USER_ACCT msg=audit(1210200940.543:162): user pid=3054 uid=0 auid=500 subj=staff_u:staff_r:newrole_t:s0-s15:c0.c1023 msg='PAM: accounting acct="ealuser" : exe="/usr/bin/newrole" (hostname=?, addr=?, terminal=pts/0 res=success)' >type=USER_START msg=audit(1210200940.557:163): user pid=3057 uid=0 auid=500 subj=staff_u:staff_r:newrole_t:s0-s15:c0.c1023 msg='PAM: session open acct="ealuser" : exe="/usr/bin/newrole" (hostname=?, addr=?, terminal=pts/0 res=success)' >type=USER_ROLE_CHANGE msg=audit(1210200940.557:164): user pid=3057 uid=0 auid=500 subj=staff_u:staff_r:newrole_t:s0-s15:c0.c1023 msg='newrole: old-context=staff_u:staff_r:staff_t:SystemLow-SystemHigh new-context=staff_u:sysadm_r:sysadm_t:SystemLow-SystemHigh: exe="/usr/bin/newrole" (hostname=?, addr=?, terminal=/dev/pts/0 res=success)' >type=AVC msg=audit(1210201003.310:165): avc: denied { search } for pid=3096 comm="ssh" name="system_u:object_r:tmp_t:s0-s15:c0.c1023_ealuser" dev=dm-0 ino=162402 scontext=staff_u:sysadm_r:sysadm_ssh_t:s0-s15:c0.c1023 tcontext=system_u:object_r:default_t:s0 tclass=dir >type=SYSCALL msg=audit(1210201003.310:165): arch=c000003e syscall=2 success=no exit=-13 a0=5555557bd0b0 a1=0 a2=180 a3=0 items=0 ppid=3095 pid=3096 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts0 comm="ssh" exe="/usr/bin/ssh" subj=staff_u:sysadm_r:sysadm_ssh_t:s0-s15:c0.c1023 key=(null) >type=AVC msg=audit(1210201003.312:166): avc: denied { search } for pid=3096 comm="ssh" name="system_u:object_r:tmp_t:s0-s15:c0.c1023_ealuser" dev=dm-0 ino=162402 scontext=staff_u:sysadm_r:sysadm_ssh_t:s0-s15:c0.c1023 tcontext=system_u:object_r:default_t:s0 tclass=dir >type=SYSCALL msg=audit(1210201003.312:166): arch=c000003e syscall=2 success=no exit=-13 a0=5555557bc980 a1=0 a2=180 a3=0 items=0 ppid=3095 pid=3096 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts0 comm="ssh" exe="/usr/bin/ssh" subj=staff_u:sysadm_r:sysadm_ssh_t:s0-s15:c0.c1023 key=(null) >type=AVC msg=audit(1210201003.314:167): avc: denied { search } for pid=3096 comm="ssh" name="system_u:object_r:tmp_t:s0-s15:c0.c1023_ealuser" dev=dm-0 ino=162402 scontext=staff_u:sysadm_r:sysadm_ssh_t:s0-s15:c0.c1023 tcontext=system_u:object_r:default_t:s0 tclass=dir >type=SYSCALL msg=audit(1210201003.314:167): arch=c000003e syscall=2 success=no exit=-13 a0=5555557bc980 a1=0 a2=180 a3=0 items=0 ppid=3095 pid=3096 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts0 comm="ssh" exe="/usr/bin/ssh" subj=staff_u:sysadm_r:sysadm_ssh_t:s0-s15:c0.c1023 key=(null)
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=304703">View the attachment on a separate page</a>.</b>
View Attachment As Raw
Actions:
View
Attachments on
bug 445043
:
304683
|
304684
| 304703 |
304704